MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
May 5, 2026
Progress Software patched a CVSS 9.8 authentication bypass in MOVEit Automation — the same product line that fueled the catastrophic
Cybersecurity
MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
Progress Software patched a CVSS 9.8 authentication bypass in MOVEit Automation — the same product line that fueled the catastrophic Cl0p ransomware campaign in 2023.
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
An adversary-in-the-middle phishing campaign hit 35,000 workers across 13,000 organizations in 48 hours, using fake HR emails to bypass MFA and steal Microsoft tokens.
SimpleHelp and ScreenConnect: The IT Tools That Became a Backdoor
VENOMOUS#HELPER spent 13 months inside 80+ organizations using legitimate RMM software — SimpleHelp and ScreenConnect — as undetected persistent access channels.
11 Million Downloads, One Poisoned Version: PyTorch’s Close Call
Attackers compromised PyTorch Lightning 2.6.3 on PyPI with ShaiWorm credential stealer, targeting cloud API keys, browser credentials, and AWS/Azure/GCP tokens.
Hacking the Hackers: What a Security Vendor Breach Really Means
Trellix disclosed that attackers accessed its internal source code repositories — raising serious questions about what stolen security vendor source code enables.
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Attackers compromised DigiCert support staff via a chat-delivered screenshot, used their access to obtain code-signing certificates, and signed Zhong Stealer malware.
Five Intelligence Agencies Agree: Slow Down Your AI Agents
The Five Eyes alliance issued its first joint advisory on agentic AI security, warning that autonomous AI systems introduce novel attack surfaces enterprises are not ...
275 Million Students’ Records Allegedly Stolen in Canvas Breach
ShinyHunters claims 3.65 TB of Instructure Canvas data affecting 275 million users at 9,000 schools — with minors' data exposed and a Salesforce pivot involved.
Tax Season Never Really Ends for Hackers
China-linked Silver Fox deployed a new ABCDoor backdoor through tax-themed phishing targeting both Indian and Russian filers simultaneously — a significant operational expansion.
When Amazon Sends the Phishing Email
Threat actors are systematically abusing Amazon SES to send phishing emails that pass SPF, DKIM, and DMARC checks — turning AWS's own email infrastructure against ...
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
May 5, 2026
An adversary-in-the-middle phishing campaign hit 35,000 workers across 13,000 organizations in 48 hours, using fake HR emails to bypass MFA
SimpleHelp and ScreenConnect: The IT Tools That Became a Backdoor
May 5, 2026
VENOMOUS#HELPER spent 13 months inside 80+ organizations using legitimate RMM software — SimpleHelp and ScreenConnect — as undetected persistent access
11 Million Downloads, One Poisoned Version: PyTorch’s Close Call
May 5, 2026
Attackers compromised PyTorch Lightning 2.6.3 on PyPI with ShaiWorm credential stealer, targeting cloud API keys, browser credentials, and AWS/Azure/GCP tokens.
Hacking the Hackers: What a Security Vendor Breach Really Means
May 5, 2026
Trellix disclosed that attackers accessed its internal source code repositories — raising serious questions about what stolen security vendor source
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
May 5, 2026
Attackers compromised DigiCert support staff via a chat-delivered screenshot, used their access to obtain code-signing certificates, and signed Zhong Stealer
Five Intelligence Agencies Agree: Slow Down Your AI Agents
May 5, 2026
The Five Eyes alliance issued its first joint advisory on agentic AI security, warning that autonomous AI systems introduce novel
275 Million Students’ Records Allegedly Stolen in Canvas Breach
May 5, 2026
ShinyHunters claims 3.65 TB of Instructure Canvas data affecting 275 million users at 9,000 schools — with minors’ data exposed
Tax Season Never Really Ends for Hackers
May 5, 2026
China-linked Silver Fox deployed a new ABCDoor backdoor through tax-themed phishing targeting both Indian and Russian filers simultaneously — a
When Amazon Sends the Phishing Email
May 5, 2026
Threat actors are systematically abusing Amazon SES to send phishing emails that pass SPF, DKIM, and DMARC checks — turning
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.